
Job Description


Lead - SOC Analyst

21-12-2025 03:01:53

Job_303484

8 - 14 years

  • Chennai, Tamil Nadu, India (CHN)

Incident Management & Response:

  • Analyze and respond to complex security alerts and incidents.
  • Perform root-cause analysis, containment, eradication, and recovery.
  • Escalate critical incidents to security management when needed.

Threat Hunting & Analysis:

  • Proactively search for indicators of compromise (IoCs).
  • Correlate events across SIEM tools and other systems.
  • Investigate anomalies and unusual network or user behaviors.

Security Monitoring:

  • Review alerts from SIEM tools (e.g., Splunk, QRadar, Sentinel).
  • Fine-tune detection rules and correlation logic to reduce false positives.
  • Work with L1 & L2 team to improve alert quality and triage efficiency.

Vulnerability & Patch Management:

  • Analyze vulnerability scans and coordinate remediation with IT teams.
  • Verify patch compliance and report deviations.

Endpoint & Network Security:

  • Monitor and manage EDR tools (e.g., CrowdStrike, Defender, Carbon Black).
  • Respond to malware infections, phishing attempts, and suspicious network traffic.

Access & Identity Management:

  • Review privileged access controls and segregation of duties.
  • Investigate unauthorized access attempts or identity compromise indicators.

Forensics & Reporting:

  • Perform log analysis and evidence collection for incidents.
  • Document findings, prepare post-incident reports, and recommend preventive actions.

Automation & Process Improvement:

  • Support SOAR (Security Orchestration, Automation, and Response) workflows.
  • Develop playbooks and improve existing runbooks for faster resolution.

Collaboration & Mentorship:

  • Guide L1 & L2 analysts on triage and escalation.
  • Collaborate with SOC managers and IT operations teams.


🧠 Technical Skills:

  • SIEM Tools: Splunk, QRadar, Microsoft Sentinel, ArcSight, etc.
  • EDR/XDR: CrowdStrike, Carbon Black, Defender ATP, Tanium, etc.
  • SOAR Tools: Palo Alto Cortex XSOAR, Splunk SOAR, etc.
  • Firewalls & IDS/IPS: Palo Alto, Cisco, Fortinet, Snort, Suricata.
  • Vulnerability Tools: Qualys, Tenable, Rapid7.
  • Cloud Security: AWS GuardDuty, Azure Security Center, GCP SCC.
  • Scripting: Basic Python, PowerShell, or Bash for automation.
  • Operating Systems: Windows, Linux, macOS security fundamentals.